Policy Agent doesn't reset Sun  Access Manager session time idle value

Hi,
We have the following setup in our environment:
- apache web server/web and policy agent 2.2 for apache 2.0.54
- webmethods portal server (jetty)
-Sun Access Manager (with Sun Directory Server)
We use policy agent for authentication purpose only (via Sun Access Manager/LDAP) when the users access the portal. We have custom code that creates session in Sun Access Manager for custom LDAP services. For testing purpose, we configure SAM session to have Max Session Timeout at 120mins and Time Idle at 15mins. I would assume that, after the initial login request, for all subsequent accesses to the portal the policy agent should intercept the request and reset the Time Idle value of SAM session. However, when I monitor time idle value using SAM console, session tab, the time idle value didn't change when the portal user access pages, submit actions, etc. I can see in the debug log of policy agent that requests are being intercepted/processed, but the time idle didn't get reset.
Does anyone know if this is a bug in configuration or in policy agent itself or am I making the wrong assumption?
Thanks a lot for the help.

Thanks for the reply, Shivaram. The issue appears to occur at random time, not accurately at the 3 min interval as you mention. I tested changing this value to 1, theoretically, after one 1 minute of idle time, accessing a link would make the agent reset the time idle value for the user session in SAM, but it didn't even after 3 minutes. This seems to be either a policy agent or system access manager bug.
We performed a 'vanilla' test using the apache server manual pages (only plain HTML, no POST requests), the pages are protected by the policy agent. At the first login, rwe were prompted to enter credential to be validated by SAM/LDAP, and then a user session is created in SAM session table. We browse around the manual pages, once in a while, certain pages cause the policy agent to reset the time idle. However, revisiting these links after a few minutes doesn't reset the idle value. Caching setting has been disable as well. Could there be or lack of some settings in AMConfig.properties or AMAgent.properties that might have caused this behavior?
Thanks for all your help,

Similar Messages

  • Poor performance using policy agent 2.2 with Sun Access Manager

    Even if com.sun.am.policy.agents.config.do_sso_only is set to true, the policy agent sent a request to PolicyService (svcid="Policy") and it's take more than 8 seconds to receive a respose. Any idea why ??
    Agent Log
    2012-10-15 08:11:42.441MaxDebug 24211:130800 PolicyService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <RequestSet vers="1.0" svcid="Policy" reqid="9">
    <Request><![CDATA[
    <PolicyService version="1.0">
    <PolicyRequest requestId="2" appSSOToken="AQIC5wM2LY4SfcynHuhUJZ2ol3lBzD0LJVKLpP7ULh6sgcg=@AAJTSQACMDE=#">
    <GetResourceResults userSSOToken="AQIC5wM2LY4Sfczm02fTJAo4H1i82OGPsRWMs5t6D7bRaVQ=@AAJTSQACMDE=#" serviceName="iPlanetAMWebAgentService" resourceName="http://devappa11.dev.emergis:80" resourceScope="response-attributes-only">
    <EnvParameters>
    <AttributeValuePair>
    <Attribute name="requestIp"/>
    <Value>142.168.64.128</Value>
    </AttributeValuePair>
    </EnvParameters>
    <GetResponseDecisions>
    <Attribute name="uid"/>
    </GetResponseDecisions>
    </GetResourceResults>
    </PolicyRequest>
    </PolicyService>]]>
    </Request>
    </RequestSet>
    2012-10-15 08:11:42.441MaxDebug 24211:130800 PolicyService: BaseService::sendRequest Request line: POST /amserver/policyservice HTTP/1.0
    2012-10-15 08:11:42.441 Debug 24211:130800 PolicyService: BaseService::sendRequest Cookie and Headers =Host: devappf9.dev.emergis
    2012-10-15 08:11:42.441 Debug 24211:130800 PolicyService: BaseService::sendRequest Content-Length =Content-Length: 778
    2012-10-15 08:11:42.441 Debug 24211:130800 PolicyService: BaseService::sendRequest Header Suffix =Accept: text/xml
    Content-Type: text/xml; charset=UTF-8
    2012-10-15 08:11:42.441MaxDebug 24211:130800 PolicyService: BaseService::sendRequest(): Total chunks: 24.
    2012-10-15 08:11:42.441MaxDebug 24211:130800 PolicyService: BaseService::sendRequest(): Sent 24 chunks.
    2012-10-15 08:11:50.801 Debug 24211:130800 PolicyService: HTTP Status = 200 (OK)
    2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Http::Response::readAndParse(): Reading headers.
    2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Server: Sun-ONE-Web-Server/6.1
    2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Date: Mon, 15 Oct 2012 12:11:50 GMT
    2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Content-type: text/html
    2012-10-15 08:11:50.801MaxDebug 24211:130800 PolicyService: Connection: close
    2012-10-15 08:11:50.801 Debug 24211:130800 PolicyService: Http::Response::readAndParse(): No content length in response.
    2012-10-15 08:11:50.802MaxDebug 24211:130800 all: Connection::waitForReply(): returns with status success.
    2012-10-15 08:11:50.802MaxDebug 24211:130800 PolicyService: Http::Response::readAndParse(): Completed processing the response with status: success
    2012-10-15 08:11:50.802MaxDebug 24211:130800 PolicyService: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <ResponseSet vers="1.0" svcid="policy" reqid="9">
    <Response><![CDATA[<PolicyService version="1.0" revisionNumber="30">
    <PolicyResponse requestId="2">
    <ResourceResult name="http://devappa11.dev.emergis:80">
    <PolicyDecision>
    <ResponseDecisions>
    <AttributeValuePair>
    <Attribute name="uid"/>
    <Value>cppuser1</Value>
    </AttributeValuePair>
    </ResponseDecisions>
    </PolicyDecision>
    </ResourceResult>
    </PolicyResponse>
    </PolicyService>
    ]]></Response>
    </ResponseSet>

    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    Policy dc=dev^dc=emergis^^DatastoresReadOnly is Using Policy evaluation order :1
    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    Using policy evaluation order:SUBJECTS_CONDITIONS_RULES
    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    Subjects.isMember():getting subject evaluation results from resultCache of policy
    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    at Policy.getPolicyDecision() principal, resource name, action names, policyName, policyDecision = uid=cppuser1,ou=people,o=NFLD-EHR,dc=dev,dc=emergis, sms://o=nfld-ehr,dc=dev,dc=emergis/sunIdentityRepositoryService/1.0/application/user/cppuser1, [MODIFY, READ, DELEGATE], dc=dev^dc=emergis^^DatastoresReadOnly,
    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=dc=dev^dc=emergis^^RealmAdmincacheKey=/policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    Policy dc=dev^dc=emergis^^RealmAdmin is Using Policy evaluation order :1
    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    Using policy evaluation order:SUBJECTS_CONDITIONS_RULES
    10/15/2012 08:11:48:511 AM EDT: Thread[service-j2ee-9,5,main]
    Subjects.isMember():getting subject evaluation results from resultCache of policy
    10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
    at Policy.getPolicyDecision() principal, resource name, action names, policyName, policyDecision = uid=cppuser1,ou=people,o=NFLD-EHR,dc=dev,dc=emergis, sms://o=nfld-ehr,dc=dev,dc=emergis/sunIdentityRepositoryService/1.0/application/user/cppuser1, [MODIFY, READ, DELEGATE], dc=dev^dc=emergis^^RealmAdmin,
    10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
    at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=SelfWriteAttributescacheKey=/policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
    10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
    PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
    10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
    at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=o=nfld-ehr^dc=dev^dc=emergis^^DatastoresReadOnlycacheKey=/policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
    10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
    PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
    10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
    at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=o=nfld-ehr^dc=dev^dc=emergis^^RealmAdmincacheKey=/policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
    10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
    PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
    10/15/2012 08:11:48:512 AM EDT: Thread[service-j2ee-9,5,main]
    at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=SelfReadAttributescacheKey=/policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
    10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
    PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
    10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
    at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=dc=dev^dc=emergis^^DatastoresReadOnlycacheKey=/policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
    10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
    PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
    10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
    at PolicyCache.getPolicy(orgName,policyName):orgName=o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis:policyName=dc=dev^dc=emergis^^RealmAdmincacheKey=/policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis
    10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
    PolicyCache:cacheKeys in cache:[policies/dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^policyadmin/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/selfreadattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/test jack/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^datastoresreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_system administrator_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/o=nfld-ehr^dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/jackpolicy/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis, /policies/selfwriteattributes/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/dc=dev^dc=emergis^^realmreadonly/default/1.0/iplanetampolicyservice/o=sunamhiddenrealmdelegationservicepermissions,ou=services,dc=dev,dc=emergis, /policies/p_dis_testjan1_null/default/1.0/iplanetampolicyservice/o=nfld-ehr,dc=dev,dc=emergis, /policies/routetonfld-ehr/default/1.0/iplanetampolicyservice/dc=dev,dc=emergis]
    10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
    at PolicyEvaluator.getPolicyDecision() orgsToVist=[]
    10/15/2012 08:11:48:513 AM EDT: Thread[service-j2ee-9,5,main]
    at PolicyEvaluator.getPolicyDecision() orgsToVist(after removing already visited orgs=[]
    10/15/2012 08:11:50:515 AM EDT: Thread[service-j2ee-9,5,main]
    PolicyRequestHandler.processRequest(): get response from policy framework:
    <PolicyService version="1.0" revisionNumber="30">
    <PolicyResponse requestId="2">
    <ResourceResult name="http://devappa11.dev.emergis:80">
    <PolicyDecision>
    <ResponseDecisions>
    <AttributeValuePair>
    <Attribute name="uid"/>
    <Value>cppuser1</Value>
    </AttributeValuePair>
    </ResponseDecisions>
    </PolicyDecision>
    </ResourceResult>
    </PolicyResponse>
    </PolicyService>

  • Sun access Manager session failover

    Hi,
    I am trying to install Sun Access Manager (2005Q1) with Session failover. I have hardware load balancer under which i have configuring Access Manager on two seperate boxes.
    For session failover i have configured Berkelay database on both system but am unable to start the database.
    Now i got the information that Access Manager 6.1 does not support session failover.
    Can anyone confirm if access manager 6.1 supports failover or we need to upgrade it?
    Thx in advance.
    ASN
    Message was edited by:
    asn123

    One clarification. AM 6.1 did have session failvoer feature. But it was container dependent. It used container features to provide this. Each container had its on configuration. It was made independent of the containers in AM 6.3 release. I would stonglry recommend using AM 6.3 or above if you are using session failover.
    shivaram

  • SUN Access Manager session attributes

    I'm trying to find out which session attributes that are available for a Policy Agent out of the box from Access Manager 7.1
    The AMAgent.properties file has a property:
    com.sun.am.policy.agents.config.session.attribute.map=
    But the question is which attributes you can fetch through this settup.
    I'm only found the property: successURL.
    I would like to get the authentication level and end user IP adress.

    One clarification. AM 6.1 did have session failvoer feature. But it was container dependent. It used container features to provide this. Each container had its on configuration. It was made independent of the containers in AM 6.3 release. I would stonglry recommend using AM 6.3 or above if you are using session failover.
    shivaram

  • Sun Access Manager,Policy Agent 2.2, IIS7?

    Hello everybody
    Is it possible to protect IIS7 with policy agent 2.2 and Sun Access Manager 7.1?
    Policy Agents 3.0 (for Open SSO) works with Sun Access Manager 7.1?
    regards!
    Alex Dávila

    Tanks handat      
    I found
    http://download.oracle.com/docs/cd/E19575-01/820-5816/galtf/index.html
    http://download.oracle.com/docs/cd/E19681-01/821-0267/gfxhz.html#scrolltoc     
    greetings
    alex davila

  • Sun Access Manager Resource & password resets

    Hi,
    I've got IDM 7.1 and AM 7.1, with a Sun Access Manager Realm resource. The LDAP directory (DS EE 6.0) sitting behind the AM resource has been set up to "Require Password Change at First Login and After Reset".
    However, if a user in IDM changes their AM password, the connection to AM is done as the resource adapter user, not themselves; this means that the pwdReset flag is not cleared on their account in AM, and AM will demand a password change on next login.
    This is obviously non-optimal for us, as we'd like them to change their password through IDM.
    Is there any way to change the DS policies to allow for this situation, OR to set the pwdReset flag through the resource adapter, OR to get the resource adapter to connect as the user when the Change Password flow is performed?
    Thanks,
    Michael.

    Hi Michael,
    Could you please share the solution for the problem you are facing.
    I am facing a similar issue.
    When an admin resets the password of a user and when the user logs in, he/she needs to be redirected to IDM change password page. Instead the redirection to AM change password functionality is displayed.
    Thanks,
    Vinu

  • Securing web services with Sun Access Manager

    Hi!
    I have gone through some documentation about Sun Access Manager, and I'm a little bit confused.
    What I want is to secure some web services which are deployed on a BEA WebLogic 9.1 server (WLS). Two solutions are possible: To install some kind of plugin into WLS or to place some kind of proxy in front of WLS. In both cases, the purpose would be to authenticate the caller based on some kind of ticket (SAML or similar) and authorize access to the web service.
    I have read about the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" (those guys really like long names....), but in this documentation web services aren't mentioned at all. They only seem to care about HTTP requests from a browser.
    I have also read about the Policy Agent 2.2 in the documentation called "Sun Java System Access Manager Policy Agent 2.2 Guide for Sun Java System Application Server 9.0/Web Services" (puh...). This document explicitly talks about securing web services the way I want.
    My questions are:
    1) Is it possible to secure WLS based web services in the same way using the Policy Agent for WLS?
    2) Are there any documentation/tutorials/etc?
    Thanks in advance :-)
    Anders

    what you need is a webservices agent that would enable you to "protect" your webservice provider, which I assume is on a BEA weblogic provider.
    the "Sun Java System Access Manager Policy Agent 2.2 for Weblogic 9.1" is "NOT" awebservices agent, but a normal J2EE policy agent.
    So.. having said that. here's what I'd recommend.
    1. install the webservices agent on bea weblogic. (note: NOT the J2EE policy agent)
    2. configure it to use your access manager instance for authentication.
    3. configure your webservices client to use the webservice provider. (note: you'd need the webservices APi's available on the client too... so the quick dirty method would be to install the webservices agent on your client too....) you can later bundle the webservices client independently and provide your"customers" with a webservices client bundle...
    4. voila... your webservices are not "protected" by acces manager ;-)

  • Sun Access Manager Event Sequence

    I have a third party black box piece of hardware that is redirecting browser requests to my server for authentication. I want to utilize the Sun Access Manager to perform these authentications. Do I need to use the Policy Agent, or should I attempt to communicate directly with the Access Manager? What benefit will I gain from including the Policy Agent into the mix?
    If I don't use the policy agent, here is the sequence of events as I understand them:
    1) Browser hits Black Box (BB) for protected information.
    2) BB redirects the browser to me.
    3) Browser sends me a SAML snippet. I decode and inflate the snippet, then send it off to the access manager (AM).
    4) The AM throws an invalid id exception because the user has never logged in.
    5) I catch the invalid id exception, and redirect the browser to the AM login URL. The user enters a valid id and password and hits submit.
    6) ... ?
    Is this correct up to step 5, and what happens after step 5? Any hints would be greatly appreciated.

    Okay, never mind then.

  • Siebel Integration with SUN Access Manager

    Hi Guys,
    We are trying to integrate siebel with Sun access Manager.
    I have gone thro the sun site but unable to find any documentation and policy agent to download.
    Please guide me where can i find documenttaion and policy agent software download.
    Thanks
    Regards,
    Mohit

    There is no agent to integrate with Siebel directly. However it should be possible by using Sun web server or IIS agent. Here is an old document that may still apply.
    http://docs.sun.com/source/816-6901-10/Chapter.html#wp19548
    There was more detailed integration document on Siebel web site. But it has been removed after Oracle acquisition (http://www.siebel.com/partners/portal/docs/integrationbriefs/siebel77_sjsam_tib.pdf)
    thanks,
    shivaram

  • Integrating windows authentication with Sun ACCESS MANAGER

    Hi,
    I have implemented sun access manager and successfully protected an application (ABC). At present iam using the SDS as the authentication and authorization directory. I login in to the machine using the network username and password which is on AD.
    I want to integrate my authentication/authorization mechanism from SDS to AD. so that when i login into the machine and open application ABC it should not ask me for the credentials; instead allow me to the homepage directly.
    How to do this.
    Thanks in advance
    Maruthi

    Hi!
    Maybe this helps you, it describes how to setup AM and policy agent to handle basic authentication protected sites. While the article is about sharepoint it should work for any application.
    http://developers.sun.com/identity/reference/techart/sharepoint.html
    Christoph

  • Configuring IIS6.0 with Sun Access manager

    As I am new to Sun java Access manager .I have installed and configured the Sun Access manager 7.1 on Tomcat and able to login to the console also.Now I am looking to configure the web application which resides in IIS 6.0 with Sun Access manager,To do this are there any documents about how to configure the Windows IIS 6.0Policy agent with Sun Accessmanager?In the Sun website I didnt see any document related to this configuration,could anyone please help how to work on this?
    Thanks in advance.

    http://docs.sun.com/app/docs/doc/819-4771?l=en
    should give you all the information you need. For server changes like policy refer to AM 7.1 docs on docs.sun.com

  • Access manager policyagent 2.1 fro webspher5.0  with sun access manager in

    Help It is very urgent
    I have installed my sun access manager and sun direcory server on same machine solaris10.SSL is diable in directory server.Access manager working on ssl mode means it is working on Http with port 80 and Https with port443.Access manager url is
    http://lhostname:80/amconsole or https://hostname:443/amconsole and
    http://host:80/amserver/UI/Login or https://host:443/amserver/UI/Login.it is displaying access manager login page.It is working properly standalone.
    But when i configure it with policyagent2.1 for WebSphere5.0 .WebSphere installed on windows2000 server.when i type the application URL that is running on WebSphere it does not show access manager login page.It show u r not authurised to view this page.WebSphere running on Http.
    and amService log detail is*****************************************************
    03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
    Naming service URL list: [https://my.domain.com:443/amserver/namingservice]
    03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
    Only one naming service URL specified. NamingServiceMonitor will be disabled.
    03/02/2006 05:57:32:018 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
    getServiceURL for service: auth protocol: https host: my.domain.com port: 443
    03/02/2006 05:57:32:112 PM GMT+05:30: Thread[Servlet.Engine.Transports : 0,5,main]
    ERROR: Naming service connection failed
    com.iplanet.services.comm.client.SendRequestException: com.ibm.ws.orbimpl.transport.protocol.https.HttpsURLConnection
         at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:141)
         at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:73)
         at com.iplanet.services.naming.WebtopNaming.getNamingResponse(WebtopNaming.java:360)
         at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:421)
         at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:353)
         at com.iplanet.services.naming.WebtopNaming.getServiceURL(WebtopNaming.java:187)
         at com.sun.identity.authentication.AuthContext.setLocalFlag(AuthContext.java:1159)
         at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1100)
         at com.sun.identity.authentication.AuthContext.createAuthContext(AuthContext.java:1071)
         at com.sun.identity.authentication.AuthContext.<init>(AuthContext.java:142)
         at com.sun.identity.policy.client.AuthService.getAppSSOToken(AuthService.java:103)
         at com.sun.identity.policy.client.AuthService.getApplicationSSOToken(AuthService.java:79)
         at com.sun.identity.policy.client.PolicyEvaluator.getAppSSOToken(PolicyEvaluator.java:499)
         at com.sun.identity.policy.client.PolicyEvaluator.init(PolicyEvaluator.java:193)
         at com.sun.identity.policy.client.PolicyEvaluator.<init>(PolicyEvaluator.java:172)
         at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:118)
         at com.sun.identity.policy.client.PolicyEvaluatorFactory.getPolicyEvaluator(PolicyEvaluatorFactory.java:87)
         at com.sun.identity.agents.policy.AmWebPolicy.<init>(Unknown Source)
         at com.sun.identity.agents.policy.AmWebPolicyManager.<init>(Unknown Source)
         at com.sun.identity.agents.policy.AmWebPolicyManager.<clinit>(Unknown Source)
         at com.sun.identity.agents.filter.AmFilter.<init>(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilter(Unknown Source)
         at com.sun.identity.agents.filter.AmFilterManager.getAmFilterInstanceForModeConfigured(Unknown Source)
         at com.sun.identity.agents.filter.AmAgentFilter.doFilter(Unknown Source)
         at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:132)
         at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:71)
         at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:863)
         at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:491)
         at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:173)
         at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:79)
         at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:199)
         at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
         at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
         at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:331)
         at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
         at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:432)
         at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:343)
         at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:592)
    Thanks & Regards
    Saini

    This is an SSL handshake problem of Websphere - has nothing to do with AM.
    Websphere�s JDK does not trust the Signer / Cert of AM�s deployment container.
    Either configure a truststore (or use an existing webshpere truststore) where you import the Cert of the Signing CA of your AM DC�s cert.
    Other option - import the mentioned cert in cacert file of IBM JDK - but be aware that this might get lost when applying an Websphere fixpack/refreshpack.
    BTW what have you configured for server.port,server.host and server.protocol in your AMConfig.properties?
    If you have not changed that settings agent will use the port/protocol specified to communicate with AM.
    -Bernhard

  • Getting error while opening Sun access manager console

    We are facing problem while accessing console of Sun Access Manager. We got No Page Found error whenever we try to access the Sun Access Manager console. We have tried restarting the directory server and web server but even that doesn�t help us. Following are the error that gets recorded in log files:-
    ERROR: AuthD init() com.iplanet.dpro.session.SessionException: AuthD failed to get auth session
    ERROR: Error creating service session java.lang.NullPointerException

    The ns-slapd.exe process belongs to the Directory Server. You should therefore check if your DS instance is set up properly.
    Michael

  • Sun Access Manager  - Authentication Error

    Hello everyone,
    I'm trying to configure Sun Access Manager 7.0 with sun web server 6.1 and directory server 5.2 on windows xp.
    I'm getting the following error when I try to login with uid=amAdmin
    "Permission to perform the read operation denied to uid=amAdmin,ou=People,dc=example,dc=com"
    I do not see any errors from the debug files. Could anyone help me in fixing this problem.
    Thanks in advance,
    -krishna

    Is your AM log level set to message? If not, set to message and retest. You should get output in your debug logs.
    On the agent side, set your logging to all:5

  • Integration of sun identity manager with sun access manager

    Hi i am working on integration of sun identity manager 6.0 with SP1 and sun access manager7.0.IDM was deployed on Sun application server 8.1.SAm is installed on SunOneWebserver i am working on windows 2003 server.I downloaded the agent for the application server and installed.
    when i am configuring resource in IDM i am getting following error.
    testconnection failed for resource(s):
    sun access manager could notconnect as user 'amadmin' with specified password==>com.sun.identity.authentication.spi.AuthLoginException:failed to create new AuthenticationContext{0}\n.
    i modified amagent.properties,amconfig.properties and web.xml also
    can any one help me on this.

    Hi i am working on integration of sun identity manager 6.0 with SP1 and sun access manager7.0.IDM was deployed on Sun application server 8.1.SAm is installed on SunOneWebserver i am working on windows 2003 server.I downloaded the agent for the application server and installed.
    when i am configuring resource in IDM i am getting following error.
    testconnection failed for resource(s):
    sun access manager could notconnect as user 'amadmin' with specified password==>com.sun.identity.authentication.spi.AuthLoginException:failed to create new AuthenticationContext{0}\n.
    i modified amagent.properties,amconfig.properties and web.xml also
    can any one help me on this.

Maybe you are looking for

  • Deploying a Par file using ANT

    Hi All, Can anyone tell me the steps how to deploy a PAR file using ant script on netweaver server.Give me some sample ant file.Suggestions will be rewarded. Thank you in advance. Regards, Karthick

  • Currency setup process in SPL ledger configuration

    Hi All, I have a urgent requirement for configuring Special Purpose Ledger and need clarification on some of the following doubts before start configuring. 1. Can we configure SPL in the system upgraded only technical with ECC 6.0 version. 2. How to

  • Material type to plant assignment

    Hi all, where in SPRO, we can assign material type to plant?? Regards, Aisha Ishrat ICI Pakistan Ltd.

  • I can't merge photos in Photoshop express

    I am trying to merge a one yen coin and a euro coin together but I can't. Do I have to get photoshop to do that

  • Main VI not visible

    Hello, Is it possible to configure a main as not visible? I have a main VI that calls some dialog box but it is not very beautiful with the main VI always visible. I tried to configure in the VI properties the VI appearance: "show front panel when ca